Microsoft throws 'kill switch' on own certificates after Flame hijack

Gregg Keizer | June 5, 2012

Microsoft on Sunday revoked several of its own digital certificates after discovering that the makers of the Flame super-cyber spy kit figured out a way to sign their malware with the company's digital "signature."

Hypponen called the exploitation of Windows Update and Microsoft Update -- two names for essentially the same service -- "the nightmare scenario" in security professionals' minds.

Microsoft seemed less concerned with Flame itself -- and its use of Microsoft-signed certificates -- than with the possibility that what it called "less sophisticated attackers" could leverage the same flaw to launch broader malware campaigns.

The company's Jonathan Ness, an engineer with the Microsoft Security Response Center, provided more detail on Flame's code-signing in a post to the Security Research & Defense blog.

The "out-of-band" update can be downloaded and installed via the Microsoft Update and Windows Update services, as well as through Windows Server Update Services.
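For an administrator who has just pushed the update, the practical question is whether binaries signed under the revoked certificates are now actually rejected. The following PowerShell script is an added example, not code from the article or from Microsoft. It assumes the revoked certificates have been placed in the local Disallowed (Untrusted Certificates) store, which is where Windows consults for explicitly distrusted issuers, and it assumes the revoked certificates are issuing certificates rather than end-entity signers, so it walks the whole chain of each file's Authenticode signature instead of checking only the leaf.

```powershell
# Added example (not from the article): after a certificate-revocation update,
# confirm that files whose signing chain includes a distrusted certificate are
# flagged. Assumes the revoked certificates sit in the Disallowed store.
param(
    [Parameter(Mandatory = $true)]
    [string[]]$Path   # files to inspect, e.g. downloaded .exe, .msu or .cab files
)

# Collect the thumbprints of every certificate the machine explicitly distrusts.
$disallowed = @{}
foreach ($store in 'Cert:\LocalMachine\Disallowed', 'Cert:\CurrentUser\Disallowed') {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        ForEach-Object { $disallowed[$_.Thumbprint] = $store }
}

function Test-SignerChain {
    param([string]$File)

    $sig = Get-AuthenticodeSignature -FilePath $File
    $result = [ordered]@{
        File       = $File
        Status     = $sig.Status       # Valid, NotSigned, NotTrusted, HashMismatch, ...
        Signer     = $null
        Distrusted = @()
    }
    if ($null -eq $sig.SignerCertificate) { return [pscustomobject]$result }

    $result.Signer = $sig.SignerCertificate.Subject

    # Walk the full chain (leaf, intermediates, root) rather than the leaf alone:
    # a revocation aimed at an issuing certificate only shows up further up the chain.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'Online'   # also consult CRL/OCSP where published
    $null = $chain.Build($sig.SignerCertificate)   # partial chains are still populated
    foreach ($element in $chain.ChainElements) {
        $tp = $element.Certificate.Thumbprint
        if ($disallowed.ContainsKey($tp)) {
            $result.Distrusted += "$($element.Certificate.Subject) [$tp] found in $($disallowed[$tp])"
        }
    }
    [pscustomobject]$result
}

$Path | ForEach-Object { Test-SignerChain -File $_ } | Format-List
```

Run it as `.\Test-SignerChain.ps1 -Path C:\Downloads\update.exe` (file name assumed). A file that reports `Status: Valid` with an empty `Distrusted` list is signed by a chain the machine still trusts; a non-empty `Distrusted` list names the chain element that the revocation update caught, which is what the update set out to achieve.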